<?php 
/* ================================================================================
 * LWAdmin	 
 *
 * roles.php: This is the roles file for Living Web.
 *
 * Author: Eric Hendrickson (enhendrickson@liberty.edu)
 * Date: 2/18/05
   ================================================================================ */
	
	global $SSO, $Security, $AppID, $User, $DB;
	// Session gate. The first argument is a login URL, so $SSO presumably redirects
	// there when no valid session exists and otherwise returns the session record
	// (only its 'username' entry is read in this file) — confirm in the SSO class.
	$SessionInfo = $SSO->isValidSession("index.php?action=login", $SSO->getSessionInformation());	
	
	// Authorisation gate: the user must hold the ADMIN right for this application
	// ($AppID comes from the including page). The trailing 1 is an opaque flag of
	// ValidateUser — TODO document its meaning.
	$PageRights = array('ADMIN');
	$Security->ValidateUser($SessionInfo['username'], $AppID, $PageRights, 1);
		
	// Current user's record. $UserInfo is not read anywhere in this file; presumably
	// the including page consumes it.
	$UserInfo = $User->GetUserInfo($SessionInfo['username']);
?>

<table cellpadding="0" cellspacing="0"  border="0">
	<tr>
		<td>
			<?php 
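				// Sub-action dispatch for the roles page. Everything read from $_GET/$_POST is
				// untrusted: $DB->query() takes a fully built SQL string (no placeholders), so
				// AppID and RoleID are only accepted when they match $idPattern below.
				if(!isset($_GET['a']))
				{
					$_GET['a'] = '';
				}

				// Whitelist for application/role identifiers that are spliced into SQL string
				// literals and redirect URLs. Assumes ids are plain tokens (letters, digits,
				// space, '_', '.', '-') — TODO confirm against the apps/roles tables.
				$idPattern = '/^[A-Za-z0-9 _.\-]+$/';

				switch($_GET['a'])
				{
					case 'choose_app':
					{
						// is_string() rejects ?id[]=... before preg_match() sees it.
						if(isset($_GET['id']) && is_string($_GET['id']) && preg_match($idPattern, $_GET['id']) === 1)
						{
							EditRoles($_GET['id']);
						}
						break;
					}
					case 'save':
					{
						// NOTE(review): the form carries no anti-CSRF token; confirm that
						// $SSO/$Security cover this before relying on it.
						$app_id  = isset($_POST['txtAppID'])  ? $_POST['txtAppID']  : null;
						$role_id = isset($_POST['txtRoleID']) ? $_POST['txtRoleID'] : null;
						// txtRoleDesc used to be read without an isset() check (notice when the
						// field is missing); an absent description is stored as ''.
						$role_desc = isset($_POST['txtRoleDesc']) ? $_POST['txtRoleDesc'] : '';

						$ids_valid = is_string($app_id) && is_string($role_id)
							&& preg_match($idPattern, $app_id) === 1
							&& preg_match($idPattern, $role_id) === 1;

						if($ids_valid)
						{
							$DB->query("SELECT * FROM roles WHERE AppID = '" . $app_id . "' AND RoleID = '" . $role_id . "'");

							if($DB->fetch_row())
							{
								// Existing (AppID, RoleID) pair: update the description in place.
								// NOTE(review): compile_db_update_string() is assumed to escape
								// RoleDesc (free text) — confirm in the DB wrapper.
								$db_string = $DB->compile_db_update_string(
									array(
										'RoleID'   => strtoupper($role_id),
										'RoleDesc' => $role_desc,
									)
								);

								$DB->query("UPDATE roles SET " . $db_string . " WHERE AppID = '" . $app_id . "' AND RoleID = '" . $role_id . "'");
							}
							else
							{
								// New pair: insert. Same escaping assumption for RoleDesc as above.
								$db_string = $DB->compile_db_insert_string(
									array(
										'AppID'    => strtoupper($app_id),
										'RoleID'   => strtoupper($role_id),
										'RoleDesc' => $role_desc,
									)
								);

								$DB->query("INSERT INTO roles (" . $db_string['FIELD_NAMES'] . ") VALUES (" . $db_string['FIELD_VALUES'] . ")");
							}

							// NOTE(review): markup has already been emitted above this block, so this
							// header() only takes effect if output buffering is enabled. No exit() is
							// added because the including page's teardown is not visible here.
							header("Location: index.php?action=roles&a=choose_app&id=" . urlencode($app_id));
						}
						else
						{
							print "There was an error please contact your administrator.";
						}
						break;
					}
					case 'delete':
					{
						$app_id  = isset($_POST['txtAppID']) ? $_POST['txtAppID'] : null;
						$role_id = isset($_POST['selRoles']) ? $_POST['selRoles'] : null;

						if(is_string($app_id) && is_string($role_id)
							&& preg_match($idPattern, $app_id) === 1
							&& preg_match($idPattern, $role_id) === 1)
						{
							DeleteRole($app_id, $role_id);
							header("Location: index.php?action=roles&a=choose_app&id=" . urlencode($app_id));
						}
						else
						{
							// Missing or malformed input falls back to the application list.
							header("Location: index.php?action=roles");
						}
						break;
					}
					default:
					{
						print '<form action="index.php?action=roles" method="post" name="frmRoles">';

						ChooseApp();

						print '</form>';
						break;
					}
				}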
				?>	
		</td>
	</tr>
</table>


<?php 
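	/**
	 * Renders the add/update/delete form for the roles of one application.
	 *
	 * Prints the markup directly. Calls die() with a message when $app_id is
	 * malformed or matches no row in `apps` (the original failure mode is kept).
	 *
	 * @param string $app_id Application identifier; normally the `id` query
	 *                       parameter, so it is treated as untrusted here.
	 * @return void
	 */
	function EditRoles($app_id)
	{
		global $DB;

		// $DB->query() receives a ready-made SQL string, so the id is restricted to a
		// plain token before it is spliced into the literal. Assumes application ids
		// are tokens of letters, digits, space, '_', '.', '-' — TODO confirm.
		if(!is_string($app_id) || preg_match('/^[A-Za-z0-9 _.\-]+$/', $app_id) !== 1)
		{
			die("The id provided is not a valid application id.  If this is an unexpected error please contact the site administrator.");
		}

		$DB->query("SELECT * FROM apps WHERE AppID ='" . $app_id . "'");
		$row = $DB->fetch_row();
		if(!$row)
		{
			die("The id provided is not a valid application id.  If this is an unexpected error please contact the site administrator.");
		}
		$app_name = $row['AppName'];

		$DB->query("SELECT * FROM roles WHERE AppID ='" . $app_id . "'");

		// Everything written into markup is HTML-escaped: the values come from the
		// database but were originally typed in by an administrator.
		$options = "";
		while($row = $DB->fetch_row())
		{
			$role_id = htmlspecialchars($row['RoleID'], ENT_QUOTES, 'UTF-8');
			$options .= "<option value='" . $role_id . "'>" . $role_id . "</option>";
		}

		$app_id_html   = htmlspecialchars($app_id, ENT_QUOTES, 'UTF-8');
		$app_name_html = htmlspecialchars($app_name, ENT_QUOTES, 'UTF-8');

		print <<<HTML
		<form action="index.php?action=roles" method="post" name="frmRoles">
			<input type="hidden" value="$app_id_html" name="txtAppID">
			<table cellpadding="0" cellspacing="0" align="center" border="0" width="90%">
				<tr>
					<td colspan="2">
						<span class="TB1">$app_name_html</span>
					</td>
				</tr>
				<tr>
					<td>
						<br>
					</td>
				</tr>
				<tr>
					<td align="center" valign="top">
						<table cellpadding="0" cellspacing="0" border="0">
							<tr>
								<td align="center">
									<span class="T1">Roles</span>
								</td>
							</tr>
							<tr>
								<td>
									<select name="selRoles" size="8" class="T1">
										$options
									</select>
								</td>
							</tr>
						</table>
					</td>
					<td valign="middle">
						<table cellpadding="0" cellspacing="0" border="0">
							<tr>
								<td>&nbsp;
								</td>
								<td>
									<span class="T1">Role</span><br>
									<input name="txtRoleID" type="text" class="T1">
								</td>
							</tr>
							<tr>
								<td>&nbsp;
								</td>
								<td>
									<span class="T1">Description</span><br>
									<textarea name="txtRoleDesc" cols="25" rows="3" class="T1"></textarea>
								</td>
							</tr>
						</table>
					</td>
				</tr>
				<tr>
					<td>
						<br>
					</td>
				</tr>
				<tr>
					<td colspan="2">
						<table cellpadding="0" cellspacing="0" align="center" border="0">
							<tr>
								<td>
									<input name="btnAdd" type="submit" class="B" value="Add/Update" onClick="frmRoles.action='index.php?action=roles&a=save';frmRoles.submit();">
								</td>
								<td>&nbsp;&nbsp;</td>
								<td>
									<input name="btnDelete" type="button" class="B" value="Delete" onClick="if(confirm('Are you sure you would like to delete this role?')){frmRoles.action='index.php?action=roles&a=delete';frmRoles.submit();}">
								</td>
							</tr>
						</table>
					</td>
				</tr>
			</table>
			</form>
HTML;
	}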
	
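	/**
	 * Deletes the single role row identified by (AppID, RoleID).
	 *
	 * Both values normally arrive straight from the POSTed form, and $DB->query()
	 * offers no placeholders, so each id is checked against a token whitelist before
	 * it is spliced into the SQL literal.
	 *
	 * @param string $appid  Application identifier.
	 * @param string $roleid Role identifier.
	 * @return void
	 * @throws InvalidArgumentException when either id is not a plain token (letters,
	 *         digits, space, '_', '.', '-') — assumed id format, TODO confirm.
	 */
	function DeleteRole($appid,$roleid)
	{
		global $DB;

		$token_pattern = '/^[A-Za-z0-9 _.\-]+$/';
		if(!is_string($appid) || preg_match($token_pattern, $appid) !== 1)
		{
			throw new InvalidArgumentException('DeleteRole: malformed application id');
		}
		if(!is_string($roleid) || preg_match($token_pattern, $roleid) !== 1)
		{
			throw new InvalidArgumentException('DeleteRole: malformed role id');
		}

		$DB->query("DELETE FROM roles WHERE AppID = '" . $appid . "' AND RoleID = '" . $roleid . "'");
	}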

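	/**
	 * Prints the list of applications, each linking to the roles editor for that app.
	 *
	 * Reads every row of `apps` through the global $DB wrapper. AppID is URL- and
	 * then HTML-escaped for the href, AppName is HTML-escaped for the link text.
	 * NOTE(review): the trailing `</form>` is kept for compatibility even though the
	 * caller in this file closes the form itself — confirm no other caller relies
	 * on it before removing.
	 *
	 * @return void
	 */
	function ChooseApp()
	{
		global $DB;

		$rows_html = '';
		$DB->query("SELECT * FROM apps ORDER BY AppName");
		while($row = $DB->fetch_row())
		{
			$app_id_href = htmlspecialchars(urlencode($row['AppID']), ENT_QUOTES, 'UTF-8');
			$app_name    = htmlspecialchars($row['AppName'], ENT_QUOTES, 'UTF-8');
			$rows_html  .= '<tr><td>&nbsp;&nbsp;&raquo;&nbsp;<a href="index.php?action=roles&amp;a=choose_app&amp;id=' . $app_id_href . '" class="L1">' . $app_name . '</a>&nbsp;&nbsp;&nbsp;</td></tr>';
		}

		$Apps = '<table cellpadding="0" cellspacing="0" border="0">
		<tr><td>&nbsp;</td></tr>
		<tr><td><span class="TB1" style="color:#555555;">Choose Application</span></td></tr>'
			. $rows_html
			. '<tr><td>&nbsp;</td></tr></table>';

		print '
			<table cellpadding="0" cellspacing="0" align="center" border="0" width="100%">
				<tr>
					<td>'
					. $Apps .
					'</td>
				</tr>
			</table>
			</form>';
	}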
?>
